Crowdstrike Integration
- Visit the Webhooks page in Binalyze AIR.
- Click the "+ New Webhook" button in the upper right corner.
- Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.).
- Select "Crowd Strike Webhook Parser" as the parser for this webhook.
- Select an Acquisition Profile.
- Provide the other settings, such as Evidence Repository, CPU Limit, Compression & Encryption, or let AIR configure them automatically based on the matching policy.
- Click the "Save" button.
- Hover your mouse over the link below the webhook name and double-click it to copy the webhook URL.
- Go to the Crowdstrike Store, find the Webhook Plugin, and open it.
- Click Configure and fill in the fields:
  - Name: give an explanatory name.
  - Webhook URL: paste the webhook URL you copied earlier.
- Click Notify On Configuration Failure and save the configuration.
- Go to Fusion workflow.
- Create a workflow or use an existing one.
- Create a trigger, then add an action.
- Choose action type: Notification.
- Choose the webhook name you created in the second step.
- Add Sensor Hostname to Data to Include.
- Save and exit.